Short answer: The Auth plugin api doesn't provide a way for it to access the headers. So it isn't possible to do it today.
This has come up a few times recently. There is some work going on to extend what is possible to do with Auth plugins. It doesn't currently address this particular scenario, but perhaps it should.
See my comments here Use Admin API with adminAuth type strategy
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy